CISA: CISA’s VDP Platform 2022 Annual Report Showcases Success
CISA’s VDP Platform 2022 Annual Report Showcases Success Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure...
CISA: CISA Releases One Industrial Control Systems Advisory
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on August 29, 2023. This...
Genshin Impact dev will sue Kaveh Hacks users and developers
Genshin Impact developer miHoYohas responded to an in-game hacking situation that has caused problems recently in its player community, warning...
US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security...
University of Michigan shuts down network after cyberattack
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing...
Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration...
How the FBI nuked Qakbot malware from infected Windows PCs
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized...
Qakbot botnet dismantled after infecting over 700,000 computers
Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded...
DreamBus malware exploits RocketMQ flaw to infect servers
Image: Midjourney A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability in RocketMQ servers...
Microsoft adds HSTS support to Exchange Server 2016 and 2019
Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security (also known...
New Android MMRat malware uses Protobuf protocol to steal your data
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from...
Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
Cybersecurity provider ReliaQuest observed that cyber-criminals used seven different malware loaders to deploy their intrusion campaigns in the first half...
LockBit 3.0 Ransomware Variants Surge Post Builder Leak
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations. Writing in an...
Report Reveals Growing Disparity in Cyber Insurance Landscape
Delinea’s 2023 State of Cyber Insurance Report has revealed a growing disconnect between carriers and enterprises seeking robust coverage. Insights...
New Ransomware Campaign Targets Citrix NetScaler Flaw
Cybersecurity experts at Sophos X-Ops have uncovered a wave of attacks targeting unpatched Citrix NetScaler systems exposed to the internet. Describing...
Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platforms
Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
DNSWatch – DNS Traffic Sniffer and Analyzer
DNSWatch is a Python-based tool that allows you to sniff and analyze DNS (Domain Name System) traffic on your network....
HackerOne Bug Bounty Disclosure: b-idor-delete-all-licenses-and-certifications-from-users-account-using-createorupdatehackercertification-graphql-query-b-callmed
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'callmed0_4'Link to Submitters Profile:https://hackerone.com/b'callmed0_4' Report Title:b'IDOR - Delete all Licenses and certifications...
HackerOne Bug Bounty Disclosure: b-names-not-completely-redacted-despite-redact-the-names-of-the-involved-users-is-selected-b-japz
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'japz'Link to Submitters Profile:https://hackerone.com/b'japz' Report Title:b'Names not completely redacted despite "Redact the...
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity...
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be...
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to...
Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks
Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service...
